AWS Security Engineer, Information System Security Officer (ISSO)

Peraton is seeking an AWS Security Engineer, Information System Security Officer (ISSO) as part of the PERATON DHS’ Security team as a Cybersecurity operational compliance role within the Citizen Security and Public Services Sector (CS&PSS). The ideal candidate will become part of Peraton’s Department of Homeland Security (DHS) Datacenter Consolidation and Cloud Optimization (DCCO) program providing ISSO support to the DHS Homeland Advanced Recognition Technology (HART) biometric system. The position is responsible for performing as a named ISSO for a Government Systems and assisting other ISSOs with end-to-end Governance Risk and Compliance (GRC) functions that entails security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities.   

Day to Day Work Responsibilities:

• Works closely under the supervision of Cybersecurity Manager and with other security personnel within Peraton CS&PSS Sector to ensure operational security measures are implemented.
• Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Reviews and continuously monitors implemented security controls.
• Creates and maintains security checklists, templates, and other tools to aid in the A&A process.
• Performs security control assessment using Agency guidelines/NIST guidance and as per continuous monitoring requirements.
• Performs risk analyses to determine and recommends essential safeguards.
• Proactively mitigates system vulnerabilities and recommends compensating controls.
• Prepares security authorization packages in accordance with the client contractual requirements.
• Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Maintains client-specific Plan of Action and Milestones and supports remediation activities.
• Maintains an inventory of hardware and software for the information system.
• Develops, tests and trains on Contingency and Incident Response planning.
• Experience working with the National Institute of Standards National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) requirements and reporting.
• Experience in managing security Certification and Accreditation activities utilizing common control frameworks.
• Experience with risk mitigation and selecting or designing appropriate security controls for implementation.
• Experience applying cloud security concepts, requirements, design development, implementation, and integration for existing and new technology product offerings.
• Experience with overseeing compliance programs in Microsoft Azure, Amazon AWS, PCI DSS, and FedRamp cloud environments
• Experience in coordinating, monitoring and tracking security activities across multiple organizations.
• Experience in managing security posture of cloud environment, and working with engineering teams to remediate, and communicating overall risk of environment while identifying areas of improvement.
• Demonstrated understanding and experience with DevSecOps

Basic Qualifications: 

• High School diploma or equavalent and 5 years of experience.
• U.S. citizenship and the ability to obtain/maintain a U.S. government agency level clearance (the DHS EOD, which you must have prior to starting).
• Must have excellent written and verbal communication skills.
• Hands-on experience with cloud platforms, particularly AWS, with knowledge of cloud security controls, risk management, and implementation in a federal or highly regulated environment.
• Strong working knowledge of NIST standards (NIST 800-53, NIST 800-37), FISMA, and FedRAMP compliance requirements, along with experience implementing these frameworks in cloud environments.
• Proven experience conducting security control assessments, developing security authorization packages, and handling continuous monitoring responsibilities for federal systems.
• Experience in conducting risk assessments, managing incidents, developing Incident Response Plans, and tracking remediation efforts to ensure ongoing compliance.
• Proficiency in developing and maintaining essential security documentation, including System Security Plans (SSP), Standard Operating Procedures (SOPs), Contingency Plans, and Plan of Action and Milestones (POA&M) documents.

Preferred Qualifications:

• Bachelors degree and 5 years of experience or a Masters degree and 3 years of experience or a High School diploma and 9 years of experience.
• Experience of working with Federal Information Processing (FIPS), FISMA, FedRAMP and Other Cyber Security related laws, regulations and directives
• Experience of presenting at client meetings
• Experience of translating contractual security requirements to deliverables
• CISSP or CISM; At least one Cloud Security Certification: AWS Security Professional; CCSP; MS Azure Security Certification; CCSK, CISA, CRISC, GSEC, ComTIA Sec+

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.